1. Field of the Invention
The present invention relates to encryption of packets transferred over a wireless local-area network (WLAN), and particularly to a rekey operation that ensures a safe transition from an old encryption key to a new encryption key while minimizing storage area to perform the rekey operation.
2. Discussion of the Related Art
The 1999 Institute of Electrical and Electronic Engineers (IEEE) 802.11 standard describes a cost-effective, robust, high-performance wireless LAN technology. In wireless communication, messages can be transmitted as packets of data over a channel, wherein a packet has a header (e.g. including the receiver's address) as well as data. These packets can be place in a queue to facilitate efficient transmission. In compliance with the 1999 IEEE 802.11, the receiver receives these packets in the order transmitted by the sender.
Wireless communication can be characterized by two modes of operation: an infrastructure mode and an ad hoc mode. FIG. 1 illustrates an infrastructure mode, wherein an access point AP1 communicates with a plurality of clients C1, C2, and C3. Note that in order for client C1 to communicate with client C3, client C1 must communicate via access point AP1. An access point is a client that provides a distribution service (DS) and thus enables clients within the infrastructure to communicate between each other or to an external wired or wireless client.
Access point AP1 also serves as a distributor for clients C1, C2, and C3 to communicate with wired or wireless clients not associated with access point AP1. For example, access point AP1 can communicate with another access point either directly or through a distribution service (DS), such as access point AP2, which in turn can be associated with a plurality of clients C4 and C5.
In contrast, FIG. 2 illustrates an ad hoc (also called a peer-to-peer) mode, wherein clients C1, C2, and C3 can communicate directly without an access point. In this mode, each client can only communicate with other wireless clients associated to it but has no access to any other wired or wireless clients.
Note that a sender (or a receiver) could be an access point or a client in accordance with standard characterizations. The term “station”, as used herein, can generically refer to either an access point (in the AP mode) or a client (in the AP or ad-hoc mode).
To provide a level of security, wireless systems allow for encrypted communication. Communication between wireless stations can be encrypted using a symmetric key cryptographic algorithm. The encryption key's lifespan depends on both the length of the nonce (i.e. a pseudo-random or counter-derived value used with the encryption key), and the communicating data rates. For example, if the nonce is relatively short, then the lifespan of the maximum security provided by that encryption may be exhausted during a communications session spanning hours or even minutes; the higher the data rate, the shorter the lifespan. The 1999 IEEE 802.11 standard includes encryption as a service; however, it omits any specification for how encryption keys are obtained as well as how these keys may be updated.
A constraint arising when encryption is introduced into a wireless system is the demand in key management and storage area requirements. For example, referring back to FIG. 1, assume that encryption is desired in the communication links associated with access points AP1 and AP2 as well as clients C1-C5. In this case, a minimum of six symmetric encryption keys would be necessary, i.e. one key for each link of AP1/C1, AP1/C2, AP1/C3, AP2/C4, AP2/C5, and AP1/AP2. Many communications between the access points and their associated clients may require at least one change of the encryption key. This changing of the use of an old encryption key to a new encryption key is called a rekey operation.
For an access point, storing multiple keys for each client rapidly becomes commercially non-viable as the number of clients increases. Specifically, each key takes up a finite storage area. Thus, focusing on access point AP1 and assuming only one rekey is necessary for each link (AP1/C1, AP1/C2, AP1/C3, and AP1/AP2), storage of 8 encryption keys for access point AP1 is not a problem, but increasing its service to 100 clients (thereby creating 101 links and 202 encryption keys) would dramatically increase its storage area requirements.
An issue that arises when encryption is introduced into a wireless system is the management of the shared symmetric encryption key. While secure protocols for key exchange and key distribution exist, they are not included in the 1999 IEEE 802.11 specification. Thus, while it is feasible to accrue the information to manage a rekey operation, there is no specified protocol to affect a rekey.
Another issue arising from encryption is the assumption on data packet ordering. In the 1999 IEEE 802.11 specification, data packets are assumed to be transmitted and received in order. However, in future extensions providing for quality of service (QOS), the notion of priority queues is introduced. In priority queues, multiple traffic queues are present and are gated by priority. Thus, once communication between an access point and a client is begun, data packets are no longer guaranteed to arrive in order. Therefore, data packets are not guaranteed to arrive in any particular order, thereby preventing the use of implicit heuristics to determine when a new key has taken full effect.
In light of these problems, a need arises for a system and method of minimizing key storage area while ensuring a safe rekey operation.